[SERVER-11030] Can't prompt for PEM password with —fork Created: 03/Oct/13  Updated: 10/Dec/14  Resolved: 07/Oct/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.2
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Kyle Erf Assignee: Unassigned
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Steps To Reproduce:

Build mongod with ssl enabled. Run something like

mongod --sslOnNormalPorts --sslPEMKeyFile testServer.pem --sslCAFile testCA/cacert.pem --sslClusterFile testCluster.pem --clusterAuthMode x509 --fork --logpath log.out

where one of the .pem files is password protected

Participants:

 Description   

When running a mongod with --sslPEMKeyFile or --sslClusterFile, normally the user will be prompted for their key passwords for each given key if --sslPEMKeyPassword or --sslClusertPassword are not added as command line arguments.

However, if a user uses a password-protected keyfile without a password given as a command line argument and also uses --fork, they are never prompted for a password; mongod just fails with the message:

ERROR: cannot read PEM key file: /home/kyle/QA/QA-339/testCluster.pem error:0906406D:PEM routines:PEM_def_callback:problems getting password

Forking without supplying a password for a .pem file on the command line should either still prompt the user for the password, or fail with a much more specific error message.



 Comments   
Comment by Eric Milkie [ 03/Oct/13 ]

--fork is intended for noninteractive environments, so I don't think this is a real problem. We already [will] document that you must have an interactive terminal connected if you want to use this feature.

Generated at Thu Feb 08 03:24:41 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.